pkg:Alpine/python3

38 total CVEs: CRITICAL 5, HIGH 17, MEDIUM 11

All known vulnerabilities

  • CRITICAL (9.8) CVE-2022-37454: Buffer overflow in sponge queue functions
    from 0, < 3.10.9-r0
  • CRITICAL (9.8) CVE-2021-29921: In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
    from 0, < 3.9.5-r0
  • CRITICAL (9.8) CVE-2021-3177: python2.7 - security update
    from 0, < 3.7.7-r2
  • CRITICAL (9.8) CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during N…
    from 0, < 3.6.8-r0
  • CRITICAL (9.4) CVE-2025-4517: Arbitrary writes via tarfile realpath overflow
    from 0, < 3.11.13-r0
  • HIGH (7.8) CVE-2024-9287: Virtual environment (venv) activation scripts don't quote paths
    from 0, < 3.11.11-r0
  • HIGH (7.8) CVE-2023-6597: python3.7 - security update
    from 0, < 3.10.14-r0
  • HIGH (7.8) CVE-2022-42919: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration.
    from 0, < 3.10.9-r0
  • HIGH (7.6) CVE-2015-20107: python3.9 - security update
    from 0, < 3.10.5-r0
  • HIGH (7.5) CVE-2025-4330: Extraction filter bypass for linking outside extraction directory
    from 0, < 3.11.13-r0
  • HIGH (7.5) CVE-2025-4138: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
    from 0, < 3.11.13-r0
  • HIGH (7.5) CVE-2024-6232: Regular-expression DoS when parsing TarFile headers
    from 0, < 3.10.15-r0
  • HIGH (7.5) CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
    from 0, < 3.10.15-r0
  • HIGH (7.5) CVE-2024-4032: Incorrect IPv4 and IPv6 private ranges
    from 0, < 3.10.15-r0
  • HIGH (7.5) CVE-2022-45061: An issue was discovered in Python before 3.11.1.
    from 0, < 3.9.16-r0
  • HIGH (7.5) CVE-2018-20406: python3.5 - security update
    from 0, < 3.6.8-r0
  • HIGH (7.5) CVE-2019-20907: python3.5 - security update
    from 0, < 3.8.5-r0
  • HIGH (7.5) CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
    from 0, < 3.6.8-r1
  • HIGH (7.5) CVE-2019-16056: python2.7 - security update
    from 0, < 3.7.5-r0
  • HIGH (7.5) CVE-2018-14647: python3.4 - security update
    from 0, < 3.6.8-r0
  • HIGH (7.5) CVE-2018-1061: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK m…
    from 0, < 3.5.6-r0
  • HIGH (7.5) CVE-2018-1060: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
    from 0, < 3.5.6-r0
  • MEDIUM (6.5) CVE-2020-8492: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct…
    from 0, < 3.7.7-r0
  • MEDIUM (6.2) CVE-2024-0450: Quoted zip-bomb protection for zipfile
    from 0, < 3.10.14-r0
  • MEDIUM (6.1) CVE-2019-16935: python2.7 - security update
    from 0, < 3.7.5-r0
  • MEDIUM (5.9) CVE-2021-23336: Web Cache Poisoning
    from 0, < 3.8.8-r0
  • MEDIUM (5.9) CVE-2020-14422: python-ipaddress - security update
    from 0, < 3.7.7-r1
  • MEDIUM (5.7) CVE-2021-3426: There's a flaw in Python 3's pydoc.
    from 0, < 3.9.4-r0
  • MEDIUM (5.5) CVE-2024-6923: Email header injection due to unquoted newlines
    from 0, < 3.10.15-r0
  • MEDIUM (5.5) CVE-2020-8315: In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may…
    from 0, < 3.7.7-r0
  • MEDIUM (5.3) CVE-2024-12718: Bypass extraction filter to modify file metadata outside extraction directory
    from 0, < 3.11.13-r0
  • MEDIUM (5.3) CVE-2023-40217: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.
    from 0, < 3.9.18-r0
  • MEDIUM (5.3) CVE-2023-27043: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character.
    from 0, < 3.10.15-r0
  • CVE-2025-4516: Use-after-free in "unicode_escape" decoder with error handler
    from 0, < 3.11.12-r1
  • CVE-2025-0938: URL parser allowed square brackets in domain names
    from 0, < 3.11.12-r0
  • CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines()
    from 0, < 3.12.8-r1
  • CVE-2024-8088: Infinite loop when iterating over zip archive entry names from zipfile.Path
    from 0, < 3.10.14-r2
  • CVE-2015-2104: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.
    from 0, < 3.10.15-r0